RESOLVED FIXED 32489
feMerge crashes if feMergeNodes attribute in is empty
https://bugs.webkit.org/show_bug.cgi?id=32489
Summary: feMerge crashes if feMergeNodes attribute in is empty
Dirk Schulze
Reported 2009-12-13 08:43:43 PST
Created attachment 44757
feMergeNode empty -- crash

If one of the feMergeNodes attribute 'in' is empty and the related feMerge element is not the first effect of the filter, WebKit crashes.

If the 'in' attribute is empty, SVGFilterBuilder::getElementById gives either one of the predefined SourceGraphics back or the last effect that was added. This works if there is no last effect. The SourceGraphic is given back and no crash appears. We have a test for this: svg/custom/emty-merge.svg.

In the case of a lastEffect, getElementId also gives the right effect back. But WebKit crashes during WebCore::FilterEffect::calculateEffectRect in FEMerge. I don't have a debug build atm, but I guess that the reference to the last effect is bogus.

I attached an example. Everything works if feOffset gets a result="" and the mergeNode addresses this result.
Attachments
feMergeNode empty -- crash (643 bytes, image/svg+xml)
2009-12-13 08:43 PST, Dirk Schulze
no flags
fix of feMerge (24.46 KB, patch)
2009-12-16 13:24 PST, Dirk Schulze
no flags
Dirk Schulze
Comment 1 2009-12-16 13:24:30 PST
Created attachment 45010
fix of feMerge

Take the reference of the effect not just the pointer. This fixes the crash.
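Added example, not part of the bug thread or the WebKit patch: a constructed C++ model of the lifetime problem the report guesses at and that Comment 1 fixes by holding a reference instead of a bare pointer. It assumes the builder's last-effect slot is the only owner of an effect without a result name; `Builder`, `MergeRaw`, `MergeRef`, `asRaw`, `asRef` and `inputSurvives` are hypothetical names, and `std::shared_ptr` stands in for WebKit's `RefPtr`.

```cpp
#include <cstdio>
#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Constructed model, not WebKit code; shared_ptr stands in for RefPtr.
struct Effect { virtual ~Effect() = default; };

struct Builder {
    std::map<std::string, std::shared_ptr<Effect>> named;  // effects with result="..."
    std::shared_ptr<Effect> lastEffect;  // assumed sole owner of an unnamed effect

    void add(const std::string& id, std::shared_ptr<Effect> e) {
        if (!id.empty()) named[id] = e;
        lastEffect = std::move(e);  // a previous unnamed effect loses its owner here
    }
    // An empty id falls back to the last effect added, as the report describes.
    std::shared_ptr<Effect> getEffectById(const std::string& id) const {
        if (id.empty()) return lastEffect;
        auto it = named.find(id);
        return it == named.end() ? std::shared_ptr<Effect>() : it->second;
    }
};

struct MergeRaw : Effect { std::vector<Effect*> inputs; };                 // before
struct MergeRef : Effect { std::vector<std::shared_ptr<Effect>> inputs; }; // after

static Effect* asRaw(std::shared_ptr<Effect> e) { return e.get(); }
static std::shared_ptr<Effect> asRef(std::shared_ptr<Effect> e) { return e; }

// True if the merge input is still alive once the merge itself is registered.
template <class Merge, class Store>
bool inputSurvives(const std::string& offsetResult, Store store) {
    Builder b;
    b.add(offsetResult, std::make_shared<Effect>());  // the feOffset
    std::weak_ptr<Effect> watch = b.getEffectById(offsetResult);
    auto merge = std::make_shared<Merge>();
    merge->inputs.push_back(store(b.getEffectById(offsetResult)));
    b.add("", merge);          // the feMerge replaces lastEffect
    return !watch.expired();   // checked without touching the stale pointer
}

bool rawPointerUnnamed() { return inputSurvives<MergeRaw>("", asRaw); }
bool rawPointerNamed()   { return inputSurvives<MergeRaw>("off", asRaw); }
bool refCountedUnnamed() { return inputSurvives<MergeRef>("", asRef); }

int main() {
    std::printf("%d %d %d\n", rawPointerUnnamed(), rawPointerNamed(), refCountedUnnamed());
}
```

In this model the named case survives because the map keeps its own reference, which matches the workaround noted in the report.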
Dirk Schulze
Comment 2 2009-12-16 13:25:03 PST
Comment on attachment 45010
fix of feMerge

sorry, wrong flag.
WebKit Review Bot
Comment 3 2009-12-16 13:29:33 PST
style-queue ran check-webkit-style on attachment 45010 without any errors.
Nikolas Zimmermann
Comment 4 2009-12-16 13:45:41 PST
Comment on attachment 45010
fix of feMerge

LGTM, r=me.
WebKit Commit Bot
Comment 5 2009-12-16 13:57:02 PST
Comment on attachment 45010
fix of feMerge

Clearing flags on attachment: 45010

Committed r52219: <http://trac.webkit.org/changeset/52219>
WebKit Commit Bot
Comment 6 2009-12-16 13:57:06 PST
All reviewed patches have been landed. Closing bug.